LockFile ransomware uses intermittent encryption to avoid detection

Even as the famed Ragnarok ransomware gang shuts down operations, LockFile ransomware has emerged from the shadows, taking advantage of vulnerabilities like PetitPotam and ProxyShell.

This ransomware variant uses an intermittent file encryption technique to evade detection. The behavior is similar to that of BlackMatter, LockBit 2.0, and DarkSide, but LockFile encrypts only every other 16 bytes of a file.
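
A defensive illustration of why the every-other-16-bytes pattern matters, added here and not taken from Acronis or any vendor's product: a whole-file entropy threshold (an assumed, simplified detector) rates a half-encrypted text file as only moderately random, while comparing the even and odd 16-byte block streams exposes it. The thresholds, the function names and the sample data (random bytes standing in for ciphertext) are constructed assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 16          # block size stated in the article
HIGH = 7.5          # assumed "looks encrypted" threshold, bits per byte
GAP = 1.0           # assumed minimum entropy difference between the streams
MIN_STREAM = 4096   # assumed minimum bytes per stream for a stable estimate

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def split_streams(data: bytes, block: int = BLOCK):
    """De-interleave into even-numbered and odd-numbered blocks."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    return b"".join(blocks[0::2]), b"".join(blocks[1::2])

def looks_intermittent(data: bytes) -> bool:
    """True when one block stream is near-random and the other is not."""
    even, odd = split_streams(data)
    if min(len(even), len(odd)) < MIN_STREAM:
        return False  # too little data to judge either stream
    hi, lo = sorted((entropy(even), entropy(odd)), reverse=True)
    return hi >= HIGH and hi - lo >= GAP

def make_sample(plain: bytes, parity: int, seed: int = 1) -> bytes:
    """Constructed test data: random bytes stand in for ciphertext."""
    rng = random.Random(seed)
    out = bytearray(plain)
    for i in range(parity * BLOCK, len(out), 2 * BLOCK):
        end = min(i + BLOCK, len(out))
        out[i:end] = bytes(rng.getrandbits(8) for _ in range(end - i))
    return bytes(out)

# Constructed plaintext document, roughly 20 KB of invoice-like text.
PLAIN = "".join(
    f"Invoice {i}: amount due {i * 37 % 1000} USD, payable in 30 days.\n"
    for i in range(400)
).encode()
SAMPLE = make_sample(PLAIN, parity=0)

if __name__ == "__main__":
    print(f"whole-file entropy {entropy(SAMPLE):.2f},",
          "interleaved check:", looks_intermittent(SAMPLE))
```

A fully encrypted file is not flagged by `looks_intermittent` because both streams are equally random; that case is the one a whole-file threshold already covers.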

LockFile was first spotted attacking a U.S. financial organization and has quickly set itself apart from the other cybercrime gangs. The group is primarily targeting organizations in the U.S. and Asia, but attacks have been seen around the world. LockFile appears to focus on targets in the finance, manufacturing, legal, travel, engineering, and business services sectors.

The Active Protection in Acronis Cyber Protect already detects and blocks LockFile ransomware, thanks to advanced behavioral heuristics that can identify even never-before-seen threats based on the malicious behaviors they exhibit.